Scripts to provision Che on minikube
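#!/bin/bash
#
# Tear down the local Che test environment: remove the Che server from the
# minikube cluster, then stop and delete the minikube profile.
#
# DESTRUCTIVE: everything in ${CHE_SERVER_NAMESPACE} and the whole
# ${MINIKUBE_PROFILE} profile are removed.
set -o nounset
set -o errexit
set -o pipefail

export CHE_SERVER_NAMESPACE=workspaces-server
export MINIKUBE_PROFILE=minikube

# Switch to context minikube. Under errexit a failed switch aborts the script,
# so the delete below never runs against whatever context was active before.
kubectx "${MINIKUBE_PROFILE}"

# Delete Che
# NOTE(review): --skip-deletion-check together with --delete-namespace
# presumably removes the namespace without an interactive confirmation;
# confirm against `chectl server:delete --help` before reusing this elsewhere.
chectl server:delete --telemetry=on --skip-deletion-check --delete-namespace \
  -n "${CHE_SERVER_NAMESPACE}"

# Stop minikube
minikube stop -p "${MINIKUBE_PROFILE}"

# Delete minikube
minikube delete -p "${MINIKUBE_PROFILE}"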
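#!/bin/bash
#
# Provision Eclipse Che on a brand new minikube cluster (macOS, Homebrew,
# mkcert). Settings shared by the functions below are defined here.
set -o nounset
set -o errexit
set -o pipefail

CHE_SERVER_NAMESPACE=workspaces-server
CHE_CLUSTER=eclipse-che
MINIKUBE_PROFILE=minikube
TLS_SECRET=che-custom-tls
CA_BUNDLE=che-trusted-ca-bundle

# Public certificate of the local mkcert root CA (default macOS location; if
# CAROOT is customised, `mkcert -CAROOT` prints the real directory).
# mkcert keeps the CA private key (rootCA-key.pem) in the same directory:
# only rootCA.pem may be copied into the cluster, never the key.
CA_CERT_PATH="${HOME}/Library/Application Support/mkcert/rootCA.pem"

CURRENT_FOLDER=${PWD}
CHE_OPERATOR_PATCH="${CURRENT_FOLDER}/checluster-patch.yaml"

# Start from an empty CheCluster patch file. This truncates any existing
# checluster-patch.yaml in the directory the script is launched from.
: > "${CHE_OPERATOR_PATCH}"

CHE_WORKSPACE_ENGINE=${CHE_WORKSPACE_ENGINE:-che-server}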
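# Print a diagnostic on stderr and terminate the script with status 1.
# Arguments: $1 - message to print
_prereq_fail() {
  printf '%s\n' "$1" >&2
  exit 1
}

#######################################
# Verify that the host is macOS and that every CLI the script drives is
# available, exiting with status 1 and a hint at the first missing piece.
# Exits explicitly instead of relying on errexit to notice a failed subshell,
# and reports on stderr so the hint is not lost when stdout is redirected.
# Globals:   OSTYPE (read)
# Outputs:   install hint on stderr when a prerequisite is missing
#######################################
prereq_check() {
  [[ "$OSTYPE" == "darwin"* ]] || _prereq_fail "this script is for macOS only"
  command -v brew &> /dev/null \
    || _prereq_fail "Command brew is not in PATH. To install homebrew visit https://docs.brew.sh/Installation"
  command -v minikube &> /dev/null \
    || _prereq_fail "Command minikube is not in PATH. To install minikube run \"brew install minikube\""
  command -v kubectl &> /dev/null \
    || _prereq_fail "Command kubectl is not in PATH. To install kubectl run \"brew install kubectl\""
  command -v mkcert &> /dev/null \
    || _prereq_fail "Command mkcert is not in PATH. To install mkcert run \"brew install mkcert\""
  command -v kubens &> /dev/null \
    || _prereq_fail "Command kubens is not in PATH. To install kubens run \"brew install kubens\""
  # NOTE(review): the hint below pipes a remote installer straight into bash
  # from the moving "next" channel. Downloading the installer to a file and
  # reading it before running it is the safer way to follow this hint.
  command -v chectl &> /dev/null \
    || _prereq_fail "Command chectl is not in PATH. To install chectl run \"bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next\""
}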
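#######################################
# Upgrade minikube, start a new VM-based cluster with the ingress addon and
# generate a wildcard certificate for the cluster's nip.io domain with mkcert.
# Globals:   MINIKUBE_PROFILE (read), CURRENT_FOLDER (read),
#            MINIKUBE_DOMAIN (written, reused by the later steps)
# Returns:   non-zero if the cluster IP is empty or a step fails
#######################################
provision_minikube() {
  local cert_dir="${HOME}/minikube-certs"
  local minikube_ip

  # Update minikube. Unpinned: installs whatever version Homebrew ships today.
  brew upgrade minikube

  # Create and start a brand new minikube instance
  minikube start --memory=8192 --vm=true \
    --cpus=4 \
    -p "${MINIKUBE_PROFILE}" \
    --addons=ingress

  # Keep the command substitution on its own line so a failing `minikube ip`
  # is not hidden behind the string concatenation.
  minikube_ip=$(minikube -p "${MINIKUBE_PROFILE}" ip) || return 1
  if [[ -z "${minikube_ip}" ]]; then
    echo "minikube did not report an IP for profile ${MINIKUBE_PROFILE}" >&2
    return 1
  fi

  # nip.io is a public wildcard DNS service: the name resolves to the IP
  # embedded in it, so name resolution depends on a third-party resolver.
  MINIKUBE_DOMAIN="${minikube_ip}.nip.io"

  # Generate Che certificates (for minikube). The directory will hold the
  # wildcard private key, so keep it readable by the current user only.
  mkdir -p "${cert_dir}"
  chmod 700 "${cert_dir}"
  # Subshell: mkcert writes into its working directory, and the caller's
  # working directory must not be left pointing at the certificate folder.
  (cd "${cert_dir}" && mkcert "*.${MINIKUBE_DOMAIN}") || return 1
  cd "${CURRENT_FOLDER}"
}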
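#######################################
# Make the ingress-nginx controller serve the mkcert wildcard certificate as
# its default certificate, and write a CheCluster patch with an empty
# tlsSecretName.
# Globals:   MINIKUBE_PROFILE, CA_CERT_PATH, CHE_OPERATOR_PATCH (read),
#            MINIKUBE_DOMAIN (read; derived from `minikube ip` when unset)
# Not idempotent: `kubectl create secret` fails if mkcert-tls already exists
# and the JSON patch appends the controller argument again on every run, so
# this is meant for a brand new cluster.
#######################################
patch_nginx_to_use_trusted_cert() {
  kubectx "${MINIKUBE_PROFILE}"
  MINIKUBE_DOMAIN=${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}

  local cert_base="${HOME}/minikube-certs/_wildcard.${MINIKUBE_DOMAIN}"
  local cert_chain="${cert_base}.pem.patched"

  # Chain = wildcard leaf certificate followed by the mkcert root CA
  # certificate. Only the CA's public certificate is appended here.
  cat "${cert_base}.pem" "${CA_CERT_PATH}" > "${cert_chain}"

  # The wildcard private key is stored in kube-system; anything that can read
  # secrets in that namespace can read it.
  kubectl create secret tls mkcert-tls \
    --namespace kube-system \
    --key "${cert_base}-key.pem" \
    --cert "${cert_chain}"

  kubectl patch --namespace kube-system \
    deployment ingress-nginx-controller \
    --type=json \
    -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--default-ssl-certificate=kube-system/mkcert-tls"}]'

  # tlsSecretName has to be nested under spec.k8s (the same location as the
  # JSON-patch path /spec/k8s/tlsSecretName used elsewhere in this script).
  # With one space of indentation on both lines it would parse as a sibling
  # of k8s instead.
  # NOTE(review): an empty value presumably makes Che rely on the ingress
  # default certificate; confirm against the CheCluster CRD.
  printf "spec:\n  k8s:\n    tlsSecretName: ''\n" > "${CHE_OPERATOR_PATCH}"
}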
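#######################################
# Store the mkcert wildcard key pair as a TLS secret in the Che namespace and
# point the CheCluster resource at it.
# Globals:   MINIKUBE_PROFILE, CHE_SERVER_NAMESPACE, CHE_CLUSTER, TLS_SECRET
#            (read), MINIKUBE_DOMAIN (read; derived from `minikube ip` when
#            unset)
# The namespace and the old secret are handled explicitly instead of with a
# blanket `|| true`, so an unreachable API server is no longer mistaken for
# "already exists" / "not found".
#######################################
create_custom_che_tls_secret() {
  kubectx "${MINIKUBE_PROFILE}"
  kubectl get namespace "${CHE_SERVER_NAMESPACE}" > /dev/null 2>&1 \
    || kubectl create namespace "${CHE_SERVER_NAMESPACE}"
  MINIKUBE_DOMAIN=${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}

  local cert_base="${HOME}/minikube-certs/_wildcard.${MINIKUBE_DOMAIN}"

  # Create the TLS secret (replacing a previous one, if any)
  kubectl delete secret "${TLS_SECRET}" \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    --ignore-not-found
  kubectl create secret tls "${TLS_SECRET}" \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    --key "${cert_base}-key.pem" \
    --cert "${cert_base}.pem"

  # TLS_SECRET is a constant of this script. If it ever comes from user
  # input, build the JSON with a real encoder instead of string interpolation.
  # NOTE(review): a JSON-patch "replace" fails when the target path does not
  # exist yet; confirm both fields are present in the CheCluster resource.
  # kubectl patch checluster "${CHE_CLUSTER}" -p "{\"spec\": {\"k8s\": {\"tlsSecretName\": \"${TLS_SECRET}\"}}}"
  kubectl patch checluster "${CHE_CLUSTER}" --type='json' \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    -p="[{\"op\": \"replace\", \"path\": \"/spec/k8s/tlsSecretName\", \"value\": \"${TLS_SECRET}\"}]"
  kubectl patch checluster "${CHE_CLUSTER}" --type='json' \
    --namespace "${CHE_SERVER_NAMESPACE}" \
    -p="[{\"op\": \"replace\", \"path\": \"/spec/server/cheHostTLSSecret\", \"value\": \"${TLS_SECRET}\"}]"
}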
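#######################################
# Publish the mkcert root CA certificate and the wildcard certificate as the
# labelled CA-bundle configmap in the Che namespace.
# Globals:   MINIKUBE_PROFILE, CHE_SERVER_NAMESPACE, CA_BUNDLE, CA_CERT_PATH
#            (read), MINIKUBE_DOMAIN (read; derived from `minikube ip` when
#            unset)
# Only public certificates go into the configmap; the *-key.pem files must
# never be added to it.
#######################################
create_che_ca_bundle_cm() {
  kubectx "${MINIKUBE_PROFILE}"
  kubectl get namespace "${CHE_SERVER_NAMESPACE}" > /dev/null 2>&1 \
    || kubectl create namespace "${CHE_SERVER_NAMESPACE}"
  MINIKUBE_DOMAIN=${MINIKUBE_DOMAIN:-$(minikube -p "${MINIKUBE_PROFILE}" ip).nip.io}

  # Same folder the certificates are generated in (~/minikube-certs); a path
  # under one specific user's home directory only works on that account.
  local wildcard_cert="${HOME}/minikube-certs/_wildcard.${MINIKUBE_DOMAIN}.pem"

  # Create the che-trusted-ca-bundle configmap
  kubectl create configmap "${CA_BUNDLE}" \
    --namespace="${CHE_SERVER_NAMESPACE}" \
    --from-file="${CA_CERT_PATH}" \
    --from-file="${wildcard_cert}"
  kubectl label configmap "${CA_BUNDLE}" \
    app.kubernetes.io/part-of=che.eclipse.org \
    app.kubernetes.io/component=ca-bundle \
    --namespace="${CHE_SERVER_NAMESPACE}"
}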
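#######################################
# Update chectl from the "next" channel and deploy Che on minikube with the
# generated CheCluster patch, then remove the patch file.
# Globals:   CHE_SERVER_NAMESPACE, CHE_WORKSPACE_ENGINE, CHE_OPERATOR_PATCH
#            (read)
# Returns:   the exit status of `chectl server:deploy`
#######################################
deploy_nightly_multi_host_che() {
  local deploy_status=0

  # Update chectl. "next" is a moving channel, so the deployed build is not
  # reproducible from one run to the next.
  chectl update next

  # --telemetry=on is an explicit opt-in to chectl usage telemetry.
  # The status is captured so the patch file is removed even when the
  # deployment fails; the failure is still reported to the caller.
  chectl server:deploy \
    --telemetry=on \
    -p minikube \
    -n "${CHE_SERVER_NAMESPACE}" \
    --workspace-engine="${CHE_WORKSPACE_ENGINE}" \
    --che-operator-cr-patch-yaml "${CHE_OPERATOR_PATCH}" || deploy_status=$?

  rm -f -- "${CHE_OPERATOR_PATCH}"
  return "${deploy_status}"
}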
# Entry point: run the provisioning steps in order. errexit (set at the top
# of the script) stops the run at the first step that fails.
main() {
  prereq_check
  provision_minikube

  # Temporary workaround until #18957 gets fixed
  # (even that got broken: #19052).
  patch_nginx_to_use_trusted_cert

  deploy_nightly_multi_host_che

  # Disabled steps, kept for reference:
  # create_custom_che_tls_secret
  # create_che_ca_bundle_cm

  # Disabled hint for trusting the Che self-signed CA on the workstation.
  # A CA added to the System keychain as a trusted root is trusted
  # machine-wide for every certificate it signs; remove it again once the
  # test cluster is gone.
  # echo ""
  # echo ""
  # echo "To manually add Che self-signed CA cert to the system keychain run:"
  # echo " CHE_CA_CRT=<path to cheCA.crt>"
  # echo " sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CHE_CA_CRT}"
  # echo ""
}

main